COMMAND

    Site Server

SYSTEMS AFFECTED

    - Microsoft Site Server 3.0
    - Microsoft Site Server 3.0 Commerce Edition
    - Microsoft Commercial Internet System 2.0 and 2.5

PROBLEM

    Site  Server  3.0  (which  MCIS  is  based  on) offers a method of
    authentication using Cookies.  However, when SS sends a new cookie
    to a client, it does not flag the page the cookies is set on  with
    an expiration header.  If that page is cached, and multiple  users
    are using the same cache, its  possible that one user may get  the
    authentication cookie of another user.

SOLUTION

    Patch available at:

        ftp://ftp.microsoft.com/bussys/sitesrv/sitesrv-public/fixes/usa/siteserver3/Hotfixes-PostSP2/ProxyCache/